HOW TO SET UP A PAYMENT SERVICE PROVIDERS (PSP) COMPANY IN GHANA

The financial sector in Ghana has grown rapidly since 2010 and continues to evolve with the aid of technology. Fintech businesses in Ghana span the insurance, agriculture, banking and investment sectors. The number of Ghanaians with access to formal financial services has equally improved considerably. Despite all the challenges the country has experienced in building a more financially inclusive economy, there has been a significant growth in the number of financial access points over the years.

The need for a highly digitized payment system in Ghana became absolutely necessary during the outbreak of Covid-19 and fueled the determination of the government to digitize the country’s economy and provide the enabling infrastructure for the fintech industry players to innovate digital financial solutions. One of such players is the Payment System Providers (“PSPs”), who provide payment channels for use by the public and enable companies and individuals to transact business with ease.

PLEASE READ ON HOW TO SET UP A PAYMENT SYSTEMS COMPANY IN UGANDA BELOW:

HOW TO SET UP A PAYMENT SYSTEMS COMPANY IN UGANDA

WHAT REGULATORY AGENCY SUPERVISES PAYMENT SERVICE PROVIDERS IN GHANA?

PSPs are under the regulation of the Bank of Ghana (BOG) pursuant to the Payment Systems and Services Act 2019. BOG is responsible for supervising and providing regulations for PSPs. BOG focuses on ensuring that only FinTechs which have met the necessary regulatory and legal requirements are allowed to continue to provide these services to the financial sector on account of the potential risks they may pose to the sector when left unregulated. A PSP, for instance, is required to meet various conditions before getting with a licence of the BOG to operate in the financial and payment systems.

In providing regulations and guidelines for PSPs, the BOG is guided by the fact that payments systems were innovated for the following reasons:

• To prevent and or contain risks in payment, clearing and settlement systems;
• To establish a robust oversight and regulatory regime for the payment and settlement systems;
• To bring efficiency to fiscal operations of the Ghana Government
• To deepen financial intermediation;
• To discourage the use of cash for transactions while encouraging the use of non-paper based instruments;
• To promote financial inclusion without risking the safety and soundness of the banking system; and
• To develop an integrated electronic payment infrastructure that will enhance interoperability of payment and securities infrastructures.

WHAT ARE THE KEY LAWS REGULATING PSP LICENCE HOLDERS IN GHANA?

• THE PAYMENT SYSTMS AND SERVICES ACT, 2019 (ACT 987): This Act regulates the licensing regimes and operations of PSPs and electronic money issuers as well as agency network in Ghana.

• CYBER SECURITY ACT 2020 (Act 1038): This law was enacted in 2020 to cure the rampant problems of cyber-attacks of any kind in Ghana. The Act regulates owners of critical information in respect of cyber security activities, service providers and practitioners.

• ANTI-MONEY LAUNDERING ACT 2020 (Act 1044): This Act outlines all forms of unlawful activities and seeks to combat money laundering, terrorism financing and weapon financing. Fintech businesses are required to be anti-money laundering law compliant. As a necessary requirement for obtaining the Fintech licence of choice, applicants are required to attach their AML/CFT policy to their application to the BOG.

• ELECTRONIC TRANSACTIONS ACT 2008 (Act 772): This Act provides for the use, security, facilitation and the regulation of all forms of electronic communications and related transactions in the interest of the public.

• DATA PROTECTION ACT, 2012 (ACT 843): This Act regulates the act of processing, sharing, storage and transfer privacy of personal data of Ghanaians and other persons within Ghana. The Act requires Fintech businesses to register with the Data Protection Commission and adopt robust security measures to protect the integrity of personal data.

• INSURANCE ACT, 2021 (ACT 1061): This Act mandates Fintech companies in the insurance business to register with the National Insurance Commission and comply with the provisions of the Act. Also, the Payment Systems and Services Act above requires PSPs to engage in insurance models to get a licensed insurance company to underwrite their products.

HOW TO SET UP A PAYMENT SERVICE BANK IN NIGERIA

WHAT ARE THE CATEGORIES OF LICENCE OBTAINABLE FOR PAYMENT SYSTEMS IN GHANA?

There are six (6) classifications of PSP or FINTECH licences in Ghana as classified by the BOG. Each PSP licence allows a company to carry out specified permissible activities. It is an offence for a company carries on an activity that falls outside the permissible activities.

The categories of licences and their permissible activities are as follows:

DEDIDICATED ELECTRONIC MONEY ISSUER (DEDI):  The activities that are permitted under this category of licence are as follows:

• Recruitment and management of agents;
• Creation and management of wallet;
• P2P On Net/ Off Net;
• Cash-in and cash-out;
• Wallet based domestic money transfers including transfers to and from bank accounts;
• Investment, savings, credit, insurance and pension products (ONLY in partnership with banks and duly regulated institutions);
• Mobile money merchant acquiring; and
• Termination of inbound International Money Transfer.

PAYMENT SERVICE PROVIDER-SCHEME (PSP SCHEME): The permissible activities under this category of licence are;

• Domestic Card Brand Associations;
• Switching & routing of payment transactions and instructions.

SETTING UP A FINTECH PAYMENT COMPANY IN NIGERIA

PAYMENT SERVICE PROVIDER-MEDIUM (PSP MEDIUM): This licence enables holders to do the following:

• Connect to an Enhanced PSP to offer all permissible activities for PSP-Standard license;
• Payment aggregation which is connected to Enhanced PSP;
• Biller/Merchant Aggregation;
• Point of Sale (PoS) deployment;
• Printing of non-cash payment instruments (e.g., cheque);
• Mobile payment Apps (with liability shift).

PAYMENT SERVICE PROVIDER-ENHANCED (PSP ENHANCED): The holder of the PSP Enhanced can do:

• All permissible activities for PSP–medium license;
• marketplace for financial services offered by duty regulated financial service providers;
• merchant acquiring and merchant aggregation;
• Payment processing;
• Printing and personalization of EMV Cards;
• Inward international remittances services;
• Provision of 3rd party payment gateway services;
• Limited use closed loop virtual cards (funded via refunds, rewards & user’s other accounts).

PAYMENT SERVICE PROVIDER – STANDARD (PSP-STANDARD): This licence allows holder to render all services of Enhanced PSP but it is only reserved for Ghanaians and wholly owned Ghanaian entities.

PAYMENT AND FINANCIAL TECHNOLOGY SERVICE PROVIDER (PFTSP): This category of licensing is reserved by the BOG for critical service providers in the payment service industry. This is to ensure that outsourced activities within the banking and payment industry are brought under the regulatory scope of BOG for end-to-end regulation and supervision. Holders of this licence are permitted to connect to DEMIs, Permissible activities of PFTSP are as follows:

• Digital product development, delivery and support services for payments, savings, insurance, investments and loyalty schemes;
• Credit scoring predictive analysis;
• AML/CFT centralized platforms;
• Fraud management services; and
• Know Your Customer (KYC) and Customer Due Diligence (CDD) authentication services.

WHAT ARE THE REQUIREMENTS FOR OBTAINING THE PFTP LICENCE FROM THE BOG?

Unlike other licence categories, the PFTSP does not require many documents. Existing entities providing any of the above listed services and new entities who wish to provide any of the above listed services are required to attach the following requirements to their application:

• Company profile
• Governance structure
• IT Infrastructure architecture
• IT and security policy
• Mandatory ISO27001 certification
• Risk management framework
• Evidence of vulnerability assessment by an independent assessor
• Business continuity and disaster recovery plan
• Data protection and consumer protection policy
• Consumer protection and recourse mechanism
• Dispute resolution framework

WHAT ARE THE REQUIREMENTS FOR OBTAINING ANY OF THE PSPs LICENCE OTHER THAN PFTSP?

The documentary requirements that are common to all the categories of PSPs licence are as follows:

• Application letter,
• Overview of the Company including its history, date it was founded, registered business address in Ghana (Including digital address), registration documents from the Registrar General’s Department, a synopsis of the service to be offered;
• Details of External Auditors/ Accountants, and Bankers and all third-party service providers.
• Profile of shareholders indicating respective percentage shareholding and nationality;
• Shareholders Agreement and copies of share certificate
• Attestation from a notary public confirming ultimate beneficial owner(s) with 10% or more of total share ownership or voting rights 
• Number and profile of Board of Directors as required by the Payment Systems and Services Act, 2019 (Act 987), and Key Management Personnel  
• Organizational Chart;
• Profile of promoters where applicable.
• Business Plan 
• Covering business overview, market analysis, products and services to be offered including transactional limits, on-boarding process and Fees or Commissions to be charged where applicable 
  b) Five-year financial projections for the proposed business.
• Systems and Technology
• Information, Communication and Technology (ICT) Systems to be deployed 
• ICT Architecture diagram highlighting Security and Control 
• ICT Policy Framework 
• Security and Control (Including: Transaction Monitoring Tool, Fraud Monitoring and Detection Tool and at least two factor Authentication) 
• Business Continuity Program (including Disaster Recovery Plan) 
• Data Protection Certificate 
• ISO 27001 Certification and Compliance where applicable 
• PCI DSS Certification and Compliance where applicable 
• EV-SSL Tool where Applicable 
• Vulnerability Assessment/ Penetration Test 
• ICT Risk Assessment and Mitigation Measures.

• Personal Details of Directors, Shareholders and Key Management Personnel of the Company which includes:
• Position
• Name
• Gender
• Identification number and means of identification
• Place of birth
• Nationality
• Previous nationality (if any)
• Country of permanent residence
• Occupation/profession
• Parent’s details
• Correspondence address which includes digital address
• Contact details (phone number, emails etc.)
• Current residential address
• List of all previous address for the last three years where applicable
• Educational history
• Professional qualifications
• Employment history
• Shareholding information for persons with significant control of the shareholding of the company
• Number of shares and percentages
• Sources of funds used to purchase the shares
• Two persons of good standing that can attest to the character of the individual

• Enterprise Risk Management
• Risk and Mitigation Measures covering Operational, Market, Liquidity, Fraud, Legal, Credit and Funding Risks where applicable 
• Business Impact Assessment (BIA) 
• Anti-Money Laundering / Combating the Financing of Terrorism (AML/CFT) Policy

• Consumer Protection Policy: The Policy should be guided by the Consumer Recourse Mechanism Guidelines for Financial Service Providers (2017)
• Submission of copies of Service Level Agreement (SLA) with all partnering institutions.
• Shareholders, Directors and Key Management Personnel are required to complete Personal Questionnaire Forms
• ICT Policies which should include:
• Data Protection Policy
• ICT Acceptable Use Policy
• ICT Monitoring Policy
• ICT Information and Cyber Security Policy
• Remote Working Policy
• Data Collection and Sharing Policy
• Data Security Incident Procedure

Other requirements are as follows:

• PSP Medium Licence Applicants are required to be ISO 27001 compliant where applicable.
• PCI DSS standards applies to any organisation that holds, processes, or passes cardholder information from any card branded with the logo of any of the card brands. PSP Medium applicants are required to be PCI DSS compliant where applicable.
• PSP Standard Licence Applicants require Simple SSL where applicable.
• Risk and Mitigation Measures should be specific to the operations of the company, in line with Anti Money Laundering Act 2020 (Act 1044) and AML/CFT guidelines 2018.

IS THERE ANY SPECIFIC SHARE CAPITAL REQUIREMENT FOR OBTAINING A PAYMENT SYSTEM LICENCE?

Generally, companies seeking to do business in Ghana must have a minimum share capital requirement as recommended by the Companies Act.  However, there are some specific share capital requirements that are required in all payment system licence categories.  Please note that, for the purpose of payment system licence, the required share capital is referred to as Integrity Capital. Integrity Capital is the minimum share capital required for a company to be registered by the Registrar General Department.

The Integrity Capital for each category of payment system licences is as follows:

• DEDI: The integrity capital required is 20,000,000 Ghana Cedis
• PSP (Scheme): The integrity required is 8,000,000 Ghana Cedis
• PSP (Enhanced): The Integrity capital required is 2,000,000 Ghana Cedis
• PSP (Medium): The Integrity capital required is 800,000 Ghana Cedis
• PSP (Standard): This has no recommended integrity capital so can be incorporated with any share capital subject to other conditions like foreign participation.
• PFTSP: This also has no recommended integrity capital so can be incorporated with any share capital subject to other conditions like foreign participation.

IS THERE ANY CASH DEPOSIT REQUIREMENT?

Yes. It is important to note that the Integrity Capital of a payment system company is required to be deposited with the BOG from the time of operation till the company ceases operation. The deposit will be in a blocked account and inaccessible to Company whilst still operating. The funds however plus any accrued interest shall be released to the shareholders or creditors upon winding up less any liabilities (if any) as the case may be. This is different from the system in Nigeria where the deposited capital is refunded to the company once the licence is issued by the Central Bank of Nigeria.

ARE FOREIGNERS ALLOWED TO FULLY OWN PSPs IN GHANA?

While foreigners are allowed to fully own companies in Ghana, this is not the case for PSPs as they are required to have a joint venture with Ghanaians who must hold not less than 30% stake in the PSP company. This is to encourage local content in the Fintech industry in Ghana.

ARE THERE SPECIAL REQUIREMENTS FOR A SHAREHOLDER OF A PSP?

There are specific requirements with regards to the character and reputation of the shareholders of the PSPs. They are as follows:

• A shareholder should not have been convicted of an offence involving a financial transaction by a court of competent jurisdiction within the past ten years;
• A shareholder should not have filed for personal bankruptcy;
• A shareholder should not have been disqualified from practising a profession by a professional body;
• A shareholder should not have been involved in a past or present managerial function of a body corporate or other undertaking that have been a subject of insolvency or liquidation proceedings;
• The information provided by a shareholder in support of an application should not be false or misleading;
• A Significant Shareholder is required to provide evidence of the source of funds;

WHAT IS THE NUMBER OF DIRECTORS REQUIRED FOR PSPs?

Generally, a minimum of two (2) directors are required for registering private limited liability companies in Ghana with proof that one of the directors is resident in Ghana. However, companies applying for PSPs are required by the BOG to have three (3) directors with proof that two (2) of the directors are resident in Ghana.

ARE THERE ELIGILBILTY CRITERIA FOR DIRECTORS AND KEY MANAGEMENT PERSONNELS OF PSPs?

A regulated financial institution shall conduct fit and proper assessments both prior to the appointment of a Director or Key Management Personnel and on an on-going basis at least annually or whenever the regulated financial institution becomes aware of information that may materially compromise a person’s fitness and propriety.

Directors and Key Management Personnel shall be assessed for fitness and propriety against the following criteria:

• financial integrity
• reputation
• academic/professional qualification
• experience
• conflicts of interest
• time commitment
• collective suitability

Also note that the shareholders, directors and key management personnel of PSPs shall be subjected to proper scrutiny by the Financial Intelligence Center (“FIC”) of Ghana.

ARE THERE OTHER REGULATORY REGISTRATIONS FOR A PSP COMPANY?

Yes. All companies in Ghana must register with the Ghana Revenue Authority (“GRA”).

Also, all Fintech companies must be registered with the Data Protection Commission in compliance with the Data Protection Act.

All PSP companies must be duly registered with the FIC in compliance with the Anti-Money Laundering Act, 2008.

Where there is a foreign shareholder, the company must register with the Ghana Investment Promotion Commission (“GIPC”).

WHAT IS THE COST OF OBTAINING ANY OF THE CATEGORIES OF PSPs LICENCE?

The following are the costs to be considered according to the licence being applied for:

LICENCE	PROCESSING FEE (GHS)	LICENCE FEE (GHS)	RENEWAL FEE (GHS)	SHARE CAPITAL (GHS)
DEMI	25,000	100,000	10,000	20,000,000
PSP-MEDIUM	8000	15,000	5000	800,000
PSP-STANDARD	500	1000	200	No minimum capital required
PSP-ENHANCED	12000	40,000	8000	2,000,000
PSP-SCHEME	20,000	90,000	7000	8,000,000
PFTSP	10,000	20,000	5,000	No minimum capital required

Note that there will be associated cost with regards to incorporation of a PSP company, professional fee, and preparation of some of the documents required for the processing of a PSP licence.

WHAT IS THE VALIDITY PERIOD OF THE PSPs LICENCE?

A PSP licence is valid for a period of five (5) years after which it must be renewed.

WHAT IS THE TIMELINE FOR PROCESSING A PSP LICENCE?

A PSP licence is estimated to be completed in 6 to 7 months subject to BOG’s satisfaction with the documents submitted, character of the shareholders, directors and key personnel of the company.

THE BOOM ERA OF PoS BUSINESS IN NIGERIA: KNOWING THE RIGHT FINTECH COMPANY TO SET UP

**********************************************************************************

About KORIAT & CO.

We are a commercial law firm in Nigeria with network of lawyers and consultants in Ghana, Kenya and Rwanda. The above article is not legal advice and does not automatically make our readers our clients unless they specifically instruct us to act or represent them in any way.

We assist local and foreign clients to process company registration and business licences in Nigeria, Ghana, Kenya and Rwanda.

Please contact Koriat & Co. through admin@koriatlaw.com or 09067842241 if you require additional information about or assistance in making the application for a Payment Service Providers’ licence in Ghana, Nigeria, Kenya, Rwanda and Uganda.